static void
data_wrapper_set_mime_type (CamelDataWrapper *data_wrapper,
const gchar *mime_type)
{
if (data_wrapper->mime_type)
camel_content_type_unref (data_wrapper->mime_type);
data_wrapper->mime_type = camel_content_type_decode (mime_type);
}
static void
data_wrapper_set_mime_type_field (CamelDataWrapper *data_wrapper,
CamelContentType *mime_type)
{
if (mime_type)
camel_content_type_ref (mime_type);
if (data_wrapper->mime_type)
camel_content_type_unref (data_wrapper->mime_type);
data_wrapper->mime_type = mime_type;
}
static void
data_wrapper_dispose (GObject *object)
{
CamelDataWrapper *data_wrapper = CAMEL_DATA_WRAPPER (object);
if (data_wrapper->mime_type != NULL) {
camel_content_type_unref (data_wrapper->mime_type);
data_wrapper->mime_type = NULL;
}
/* Chain up to parent's dispose() method. */
G_OBJECT_CLASS (camel_data_wrapper_parent_class)->dispose (object);
}
static int
sm_encrypt(CamelCipherContext *context, const char *userid, GPtrArray *recipients, CamelMimePart *ipart, CamelMimePart *opart, CamelException *ex)
{
struct _CamelSMIMEContextPrivate *p = ((CamelSMIMEContext *)context)->priv;
/*NSSCMSRecipientInfo **recipient_infos;*/
CERTCertificate **recipient_certs = NULL;
NSSCMSContentInfo *cinfo;
PK11SymKey *bulkkey = NULL;
SECOidTag bulkalgtag;
int bulkkeysize, i;
CK_MECHANISM_TYPE type;
PK11SlotInfo *slot;
PLArenaPool *poolp;
NSSCMSMessage *cmsg = NULL;
NSSCMSEnvelopedData *envd;
NSSCMSEncoderContext *enc = NULL;
CamelStreamMem *mem;
CamelStream *ostream = NULL;
CamelDataWrapper *dw;
CamelContentType *ct;
poolp = PORT_NewArena(1024);
if (poolp == NULL) {
camel_exception_set (ex, CAMEL_EXCEPTION_SYSTEM, g_strerror (ENOMEM));
return -1;
}
/* Lookup all recipients certs, for later working */
recipient_certs = (CERTCertificate **)PORT_ArenaZAlloc(poolp, sizeof(*recipient_certs[0])*(recipients->len + 1));
if (recipient_certs == NULL) {
camel_exception_set (ex, CAMEL_EXCEPTION_SYSTEM, g_strerror (ENOMEM));
goto fail;
}
for (i=0;i<recipients->len;i++) {
recipient_certs[i] = CERT_FindCertByNicknameOrEmailAddr(p->certdb, recipients->pdata[i]);
if (recipient_certs[i] == NULL) {
camel_exception_setv(ex, CAMEL_EXCEPTION_SYSTEM, _("Cannot find certificate for `%s'"), recipients->pdata[i]);
goto fail;
}
}
/* Find a common algorithm, probably 3DES anyway ... */
if (NSS_SMIMEUtil_FindBulkAlgForRecipients(recipient_certs, &bulkalgtag, &bulkkeysize) != SECSuccess) {
camel_exception_set (ex, CAMEL_EXCEPTION_SYSTEM, _("Cannot find common bulk encryption algorithm"));
goto fail;
}
/* Generate a new bulk key based on the common algorithm - expensive */
type = PK11_AlgtagToMechanism(bulkalgtag);
slot = PK11_GetBestSlot(type, context);
if (slot == NULL) {
/* PORT_GetError(); ?? */
camel_exception_set (ex, CAMEL_EXCEPTION_SYSTEM, _("Cannot allocate slot for encryption bulk key"));
goto fail;
}
bulkkey = PK11_KeyGen(slot, type, NULL, bulkkeysize/8, context);
PK11_FreeSlot(slot);
/* Now we can start building the message */
/* msg->envelopedData->data */
cmsg = NSS_CMSMessage_Create(NULL);
if (cmsg == NULL) {
camel_exception_set (ex, CAMEL_EXCEPTION_SYSTEM, _("Cannot create CMS Message"));
goto fail;
}
envd = NSS_CMSEnvelopedData_Create(cmsg, bulkalgtag, bulkkeysize);
if (envd == NULL) {
camel_exception_set (ex, CAMEL_EXCEPTION_SYSTEM, _("Cannot create CMS Enveloped data"));
goto fail;
}
cinfo = NSS_CMSMessage_GetContentInfo(cmsg);
if (NSS_CMSContentInfo_SetContent_EnvelopedData(cmsg, cinfo, envd) != SECSuccess) {
camel_exception_set (ex, CAMEL_EXCEPTION_SYSTEM, _("Cannot attach CMS Enveloped data"));
goto fail;
}
cinfo = NSS_CMSEnvelopedData_GetContentInfo(envd);
if (NSS_CMSContentInfo_SetContent_Data(cmsg, cinfo, NULL, PR_FALSE) != SECSuccess) {
camel_exception_set (ex, CAMEL_EXCEPTION_SYSTEM, _("Cannot attach CMS data object"));
goto fail;
}
/* add recipient certs */
for (i=0;recipient_certs[i];i++) {
NSSCMSRecipientInfo *ri = NSS_CMSRecipientInfo_Create(cmsg, recipient_certs[i]);
if (ri == NULL) {
camel_exception_set (ex, CAMEL_EXCEPTION_SYSTEM, _("Cannot create CMS Recipient information"));
goto fail;
}
if (NSS_CMSEnvelopedData_AddRecipient(envd, ri) != SECSuccess) {
camel_exception_set (ex, CAMEL_EXCEPTION_SYSTEM, _("Cannot add CMS Recipient information"));
goto fail;
}
}
/* dump it out */
ostream = camel_stream_mem_new();
enc = NSS_CMSEncoder_Start(cmsg,
sm_write_stream, ostream,
NULL, NULL,
NULL, NULL,
sm_decrypt_key, bulkkey,
NULL, NULL);
if (enc == NULL) {
camel_exception_set (ex, CAMEL_EXCEPTION_SYSTEM, _("Cannot create encoder context"));
goto fail;
}
/* FIXME: Stream the input */
/* FIXME: Canonicalise the input? */
mem = (CamelStreamMem *)camel_stream_mem_new();
camel_data_wrapper_write_to_stream((CamelDataWrapper *)ipart, (CamelStream *)mem);
if (NSS_CMSEncoder_Update(enc, (char *) mem->buffer->data, mem->buffer->len) != SECSuccess) {
NSS_CMSEncoder_Cancel(enc);
camel_object_unref(mem);
camel_exception_set (ex, CAMEL_EXCEPTION_SYSTEM, _("Failed to add data to encoder"));
goto fail;
}
camel_object_unref(mem);
if (NSS_CMSEncoder_Finish(enc) != SECSuccess) {
camel_exception_set (ex, CAMEL_EXCEPTION_SYSTEM, _("Failed to encode data"));
goto fail;
}
PK11_FreeSymKey(bulkkey);
NSS_CMSMessage_Destroy(cmsg);
for (i=0;recipient_certs[i];i++)
CERT_DestroyCertificate(recipient_certs[i]);
PORT_FreeArena(poolp, PR_FALSE);
dw = camel_data_wrapper_new();
camel_data_wrapper_construct_from_stream(dw, ostream);
camel_object_unref(ostream);
dw->encoding = CAMEL_TRANSFER_ENCODING_BINARY;
ct = camel_content_type_new("application", "x-pkcs7-mime");
camel_content_type_set_param(ct, "name", "smime.p7m");
camel_content_type_set_param(ct, "smime-type", "enveloped-data");
camel_data_wrapper_set_mime_type_field(dw, ct);
camel_content_type_unref(ct);
camel_medium_set_content_object((CamelMedium *)opart, dw);
camel_object_unref(dw);
camel_mime_part_set_disposition(opart, "attachment");
camel_mime_part_set_filename(opart, "smime.p7m");
camel_mime_part_set_description(opart, "S/MIME Encrypted Message");
camel_mime_part_set_encoding(opart, CAMEL_TRANSFER_ENCODING_BASE64);
return 0;
fail:
if (ostream)
camel_object_unref(ostream);
if (cmsg)
NSS_CMSMessage_Destroy(cmsg);
if (bulkkey)
PK11_FreeSymKey(bulkkey);
if (recipient_certs) {
for (i=0;recipient_certs[i];i++)
CERT_DestroyCertificate(recipient_certs[i]);
}
PORT_FreeArena(poolp, PR_FALSE);
return -1;
}
static int
sm_sign(CamelCipherContext *context, const char *userid, CamelCipherHash hash, CamelMimePart *ipart, CamelMimePart *opart, CamelException *ex)
{
int res = -1;
NSSCMSMessage *cmsg;
CamelStream *ostream, *istream;
SECOidTag sechash;
NSSCMSEncoderContext *enc;
CamelDataWrapper *dw;
CamelContentType *ct;
switch (hash) {
case CAMEL_CIPHER_HASH_SHA1:
case CAMEL_CIPHER_HASH_DEFAULT:
default:
sechash = SEC_OID_SHA1;
break;
case CAMEL_CIPHER_HASH_MD5:
sechash = SEC_OID_MD5;
break;
}
cmsg = sm_signing_cmsmessage((CamelSMIMEContext *)context, userid, sechash,
((CamelSMIMEContext *)context)->priv->sign_mode == CAMEL_SMIME_SIGN_CLEARSIGN, ex);
if (cmsg == NULL)
return -1;
ostream = camel_stream_mem_new();
/* FIXME: stream this, we stream output at least */
istream = camel_stream_mem_new();
if (camel_cipher_canonical_to_stream(ipart,
CAMEL_MIME_FILTER_CANON_STRIP
|CAMEL_MIME_FILTER_CANON_CRLF
|CAMEL_MIME_FILTER_CANON_FROM, istream) == -1) {
camel_exception_setv(ex, CAMEL_EXCEPTION_SYSTEM,
_("Could not generate signing data: %s"), g_strerror(errno));
goto fail;
}
enc = NSS_CMSEncoder_Start(cmsg,
sm_write_stream, ostream, /* DER output callback */
NULL, NULL, /* destination storage */
NULL, NULL, /* password callback */
NULL, NULL, /* decrypt key callback */
NULL, NULL ); /* detached digests */
if (!enc) {
camel_exception_set (ex, CAMEL_EXCEPTION_SYSTEM, _("Cannot create encoder context"));
goto fail;
}
if (NSS_CMSEncoder_Update(enc, (char *) ((CamelStreamMem *)istream)->buffer->data, ((CamelStreamMem *)istream)->buffer->len) != SECSuccess) {
NSS_CMSEncoder_Cancel(enc);
camel_exception_set (ex, CAMEL_EXCEPTION_SYSTEM, _("Failed to add data to CMS encoder"));
goto fail;
}
if (NSS_CMSEncoder_Finish(enc) != SECSuccess) {
camel_exception_set (ex, CAMEL_EXCEPTION_SYSTEM, _("Failed to encode data"));
goto fail;
}
res = 0;
dw = camel_data_wrapper_new();
camel_stream_reset(ostream);
camel_data_wrapper_construct_from_stream(dw, ostream);
dw->encoding = CAMEL_TRANSFER_ENCODING_BINARY;
if (((CamelSMIMEContext *)context)->priv->sign_mode == CAMEL_SMIME_SIGN_CLEARSIGN) {
CamelMultipartSigned *mps;
CamelMimePart *sigpart;
sigpart = camel_mime_part_new();
ct = camel_content_type_new("application", "x-pkcs7-signature");
camel_content_type_set_param(ct, "name", "smime.p7s");
camel_data_wrapper_set_mime_type_field(dw, ct);
camel_content_type_unref(ct);
camel_medium_set_content_object((CamelMedium *)sigpart, dw);
camel_mime_part_set_filename(sigpart, "smime.p7s");
camel_mime_part_set_disposition(sigpart, "attachment");
camel_mime_part_set_encoding(sigpart, CAMEL_TRANSFER_ENCODING_BASE64);
mps = camel_multipart_signed_new();
ct = camel_content_type_new("multipart", "signed");
camel_content_type_set_param(ct, "micalg", camel_cipher_hash_to_id(context, hash));
camel_content_type_set_param(ct, "protocol", context->sign_protocol);
camel_data_wrapper_set_mime_type_field((CamelDataWrapper *)mps, ct);
camel_content_type_unref(ct);
camel_multipart_set_boundary((CamelMultipart *)mps, NULL);
mps->signature = sigpart;
mps->contentraw = istream;
camel_stream_reset(istream);
camel_object_ref(istream);
camel_medium_set_content_object((CamelMedium *)opart, (CamelDataWrapper *)mps);
} else {
ct = camel_content_type_new("application", "x-pkcs7-mime");
camel_content_type_set_param(ct, "name", "smime.p7m");
camel_content_type_set_param(ct, "smime-type", "signed-data");
camel_data_wrapper_set_mime_type_field(dw, ct);
camel_content_type_unref(ct);
camel_medium_set_content_object((CamelMedium *)opart, dw);
camel_mime_part_set_filename(opart, "smime.p7m");
camel_mime_part_set_description(opart, "S/MIME Signed Message");
camel_mime_part_set_disposition(opart, "attachment");
camel_mime_part_set_encoding(opart, CAMEL_TRANSFER_ENCODING_BASE64);
}
camel_object_unref(dw);
fail:
camel_object_unref(ostream);
camel_object_unref(istream);
return res;
}
static gboolean
empe_inlinepgp_signed_parse (EMailParserExtension *extension,
EMailParser *parser,
CamelMimePart *part,
GString *part_id,
GCancellable *cancellable,
GQueue *out_mail_parts)
{
CamelStream *filtered_stream;
CamelMimeFilterPgp *pgp_filter;
CamelContentType *content_type;
CamelCipherContext *cipher;
CamelCipherValidity *valid;
CamelDataWrapper *dw;
CamelMimePart *opart;
CamelStream *ostream;
GQueue work_queue = G_QUEUE_INIT;
GList *head, *link;
gchar *type;
gint len;
GError *local_error = NULL;
GByteArray *ba;
if (g_cancellable_is_cancelled (cancellable) ||
/* avoid recursion */
(part_id->str && part_id->len > 17 && g_str_has_suffix (part_id->str, ".inlinepgp_signed")))
return FALSE;
cipher = camel_gpg_context_new (e_mail_parser_get_session (parser));
/* Verify the signature of the message */
valid = camel_cipher_context_verify_sync (
cipher, part, cancellable, &local_error);
if (local_error != NULL) {
e_mail_parser_error (
parser, out_mail_parts,
_("Error verifying signature: %s"),
local_error->message);
g_error_free (local_error);
e_mail_parser_parse_part_as (
parser, part, part_id,
"application/vnd.evolution.source",
cancellable, out_mail_parts);
g_object_unref (cipher);
return TRUE;
}
/* Setup output stream */
ostream = camel_stream_mem_new ();
filtered_stream = camel_stream_filter_new (ostream);
/* Add PGP header / footer filter */
pgp_filter = (CamelMimeFilterPgp *) camel_mime_filter_pgp_new ();
camel_stream_filter_add (
CAMEL_STREAM_FILTER (filtered_stream),
CAMEL_MIME_FILTER (pgp_filter));
g_object_unref (pgp_filter);
/* Pass through the filters that have been setup */
dw = camel_medium_get_content ((CamelMedium *) part);
camel_data_wrapper_decode_to_stream_sync (
dw, (CamelStream *) filtered_stream, cancellable, NULL);
camel_stream_flush ((CamelStream *) filtered_stream, cancellable, NULL);
g_object_unref (filtered_stream);
/* Create a new text/plain MIME part containing the signed
* content preserving the original part's Content-Type params. */
content_type = camel_mime_part_get_content_type (part);
type = camel_content_type_format (content_type);
content_type = camel_content_type_decode (type);
g_free (type);
g_free (content_type->type);
content_type->type = g_strdup ("text");
g_free (content_type->subtype);
content_type->subtype = g_strdup ("plain");
type = camel_content_type_format (content_type);
camel_content_type_unref (content_type);
ba = camel_stream_mem_get_byte_array ((CamelStreamMem *) ostream);
opart = camel_mime_part_new ();
camel_mime_part_set_content (opart, (gchar *) ba->data, ba->len, type);
g_free (type);
len = part_id->len;
g_string_append (part_id, ".inlinepgp_signed");
e_mail_parser_parse_part (
parser, opart, part_id, cancellable, &work_queue);
head = g_queue_peek_head_link (&work_queue);
for (link = head; link != NULL; link = g_list_next (link)) {
EMailPart *mail_part = link->data;
e_mail_part_update_validity (
mail_part, valid,
E_MAIL_PART_VALIDITY_SIGNED |
E_MAIL_PART_VALIDITY_PGP);
}
e_queue_transfer (&work_queue, out_mail_parts);
g_string_truncate (part_id, len);
/* Add a widget with details about the encryption, but only when
* the encrypted isn't itself secured, in that case it has created
* the button itself */
if (!e_mail_part_is_secured (opart)) {
EMailPart *mail_part;
g_string_append (part_id, ".inlinepgp_signed.button");
e_mail_parser_parse_part_as (
parser, part, part_id,
"application/vnd.evolution.widget.secure-button",
cancellable, &work_queue);
mail_part = g_queue_peek_head (&work_queue);
if (mail_part != NULL)
e_mail_part_update_validity (
mail_part, valid,
E_MAIL_PART_VALIDITY_SIGNED |
E_MAIL_PART_VALIDITY_PGP);
e_queue_transfer (&work_queue, out_mail_parts);
g_string_truncate (part_id, len);
}
/* Clean Up */
camel_cipher_validity_free (valid);
g_object_unref (opart);
g_object_unref (ostream);
g_object_unref (cipher);
return TRUE;
}
